"We have seen an increase in the misuse of WiFi, in order to steal information"
The increase of broadband roll-out and the growth of WiFi in public spaces is providing society with the huge benefit of access to the Internet quickly and easily. But not all WiFi is as secure as we might think it is. Troels Oerting, Head of Europol’s Cybercrime Division, warns that attacks are rising on public WiFi and are a major security risk.
In the UK, key cities like London, Manchester and Birmingham are increasing public WiFi access, whilst restaurants, cafes and bars are also keen provide free WiFi to attract customers.
For most smartphone users public WiFi is always seen as a great way of saving data usage included in their phone tariffs but if you are going to use public WiFi for personal transactions, sensitive data and banking, this may not be the best method.
Oerting, told the BBC that attacks were increasing on public WiFi and due to the vast spaces of where WiFi is operating, it was “difficult… to grasp the magnitude” of the problem.
“We have seen an increase in the misuse of wi-fi, in order to steal information, identity or passwords and money from the users who use public or insecure wi-fi connections,” he said.
“We should teach users that they should not address sensitive information while being on an open insecure WiFi internet,” said Troels.
The important thing is to distinguish if the public WiFi you are using is secure and not public. When you connect to it, if it requires a security access password, it means it is secure but if you can just connect to it with no password, it is insecure.
“They should do this from home where they know actually the wi-fi and its security, but not if you are in a coffee shop somewhere you shouldn’t access your bank or do all of these things that actually transfer very sensitive information,” he added.
Something known as ‘man-in-the-middle’ is being applied to commit these attacks on public networks. Where, the hackers capture data being passed between a user of the public WiFi and the Internet. Attacks of these kind are targeting people when they communicate with a bank, do online shopping or log in to social media sites.
Oerting says the attackers do not use novel techniques but rely on well-known approaches that trick people into connecting to WiFi hotspots that, superficially, resembles those seen in cafes, pubs and restaurants and other public spaces. So, people think they are using a public WiFi which is provided a reliable source. Especially, if its available free.
A recent example of a “man-in-the-middle” attack took place at the European Parliament which then turned off its public wi-fi system after the discovery of the attack.
Mr Oerting’s warning comes only a few months after the European parliament.
Therefore, it is important to be extremely vigilant when using public WiFi and only use it for non-sensitive data activity if you are unsure about it’s security. Here are some tips to keep yourself safe when using public WiFi:
- Always use a reputable internet security software on all your devices including your laptop, PC, MAC, tablets and smartphone.
- If a WiFi connection does not require a password, it is insecure. So, don’t send any confidential information over this network e.g. username, passwords, private data etc.
- Look for publica places that do offer free WiFi but require a password which you obtain from them.
- Look out for the https in the web address in your browser and the padlock symbol when using websites for personal transactions.
- Always check your credit card or debit bills for any odd transactions, especially if you use public WiFi a lot.
- Always keep your device software up-to-date especially if security updates are available.
Charlie McMurdie, former head of the UK’s Cybercrime Unit enforces the risk and says: “A lot of mainstream criminals have identified there are easy opportunities and vulnerabilities just walking down the street and exploiting wi-fi networks that exist in every coffee shop.”
Security using the Internet has been and always will be an issue as hackers find new ways of executing attacks but as long as you stick to the rules of keeping your confidential data secure, you can lower he chances of experiencing theft of your data.